Why your next Echo command should be: ‘Disconnect me from the internet’

Closed-circuit cameras are among the internet-enabled devices that can be harnessed into a rogue botnet.
Bob Booth
Special to the Fort Worth Star-Telegram

WASHINGTON

Dr. Herbert Lin, one of the nation’s pre-eminent thinkers on cybersecurity policy, shuns the internet-connected devices that fill some American homes.

He’ll have nothing to do with “smart” refrigerators, hands-free home speakers he can call by name, intelligent thermostats and the like.

“People say to me, ‘How can you have a doctorate in physics from MIT and not trust in technology?’ And I look at them and say, ‘How can I have a doctorate in physics from MIT and trust technology?’ ” Lin said.

Part of what he distrusts is the “internet of things,” and the ease with which hackers can penetrate “smart” devices with digital worms and shanghai them into massive robotic networks to launch crippling digital attacks or generate ever greater quantities of spam.

Unlimited Digital Access: Only $0.99 For Your First Month

Get full access to The Sacramento Bee content across all your devices.

It is a mistrust based on mathematics. Internet-enabled devices are exploding in number. Gartner, a research giant in technology, says the devices will climb from 6.4 billion at the end of last year to 25 billion by 2020. Such growth sharply augments the power of hidden robotic networks, or botnets.

Now, an unseen battle unfolds. Weaponized digital worms are entering the scene and infecting masses of devices that obediently await instructions from a remote master to spring to action, possibly a new botnet attack.

The threat from botnets is so serious that FBI Director James Comey brought them up at a Senate hearing last week, saying the “zombie armies” created from internet devices can do tremendous harm.

“Last month, the FBI – working with our partners, with the Spanish national police – took down a botnet called the Kelihos botnet and locked up the Russian hacker behind that botnet,” Comey said. “He’s now in jail in Spain, and the good people’s computers who had been lashed to that zombie army have now been freed from it.”

Further botnet attacks are inevitable.

The next one could be just seconds or minutes from happening again.

J. Kevin Reid, analyst at KeyLogic

“The next one could be just seconds or minutes from happening again,” said J. Kevin Reid, a former FBI agent who leads the national security portfolio at KeyLogic, a Morgantown, West Virginia, firm that offers consulting services to the federal intelligence community.

A botnet already made headlines once. Last Oct. 21, a botnet slowed internet activity to a crawl along the Atlantic Seaboard. A hacker using a malicious worm dubbed Mirai – Japanese for “the future” – took over thousands of internet-connected security cameras and other seemingly innocuous devices and ordered them to fire relentless digital “pings” at a New Hampshire company, Dyn, that oversees part of the backbone of the internet. Dyn was overwhelmed, and popular sites such as Twitter and The New York Times were temporarily inaccessible.

Our dependence on technology may be growing faster than our ability to provide security on the internet, says Joshua Corman, head of a cybersecurity initiative at the Atlantic Council, a Washington DC think tank.

By

Now a new worm, dubbed Hajime – Japanese for “beginning” – is spreading.

The Moscow-based Kaspersky Lab estimated in late April that the Hajime worm had already penetrated 300,000 devices worldwide and could rally them into a botnet army at a moment’s notice.

Initial forensics reports suggested that the Hajime worm might be the creation of a “white hat” hacker working to thwart future attacks by Mirai botnets. Hajime leaves behind a message that says in part: “Just a white hat, securing some systems.” But even if Hajime is presently a force for good, protecting devices from Mirai infection, how long will that last? Some analysts have doubts.

“While infected with Hajime, the vulnerable devices are protected from known Mirai attacks,” a principal security researcher for Kaspersky Lab, Igor Soumenkov, said in an email. He added, however, that “Hajime’s spreading methods are malicious in nature” and the worm “may go rogue at any time.”

“I don’t want something working on my system when I don’t know what it is,” Lin said, adding that installing even protective worms is not cool.

Who knows what their definition of ‘white hat’ stuff is?

Dr. Herbert Lin, Stanford University

EDITORS: BEGIN OPTIONAL TRIM

“There is an informal consensus that this is not an ethical thing to do,” Lin added. “You only have their word for it that they are going to do good stuff. Who knows what their definition of ‘white hat’ stuff is? And if you did, how do you know they are doing it?”

Reid, the KeyLogic expert, said the Hajime worm was “a little more robust” than Mirai.

“It’s written in some higher order language. It’s very powerful,” he said.

The Hajime worm is programmed to avoid networks of certain U.S. companies and government entities, Soumenkov said, noting that they include those of General Electric, Hewlett-Packard, the U.S. Postal Service and the Department of Defense.

Such worms are designed to infect any device or machine with a connection to the internet, harnessing them as “zombie” soldiers in a botnet army. Infected devices can include not only appliances in the home, like coffeemakers and baby monitors, but also vending machines, soap dispensers, jet engines, lightbulbs and industrial micro-controllers.

Already, up to 90 percent of the email traffic on the internet is spam, although internet service providers do a pretty good job of clearing it out with spam filters, Lin said, letting only a fraction through.

“Let’s say you increase that fraction by a factor of 10, or 100, which is what these IoT botnets threaten to do,” Lin said. “I assure you at that point you will get a lot more spam in your email inbox. Let’s say you get 100 times as much spam as you get now. It might make your email account unusable.”